How to Estimate the Success Rate of Higher-Order Side-Channel Attacks
The resistance of a cryptographic implementation with regard to side-channel analysis is often quantified by measuring the success rate of a given attack. This approach cannot always be followed in practice, especially when the implementation includes some countermeasures that may render the attack too costly for an evaluation purpose, but not costly enough from a security point of view. An evaluator then faces the issue of estimating the success rate of an attack he cannot mount. The present paper addresses this issue by presenting a methodology to estimate the success rate of higher-order side-channel attacks targeting implementations protected by masking. Specifically, we generalize the approach initially proposed at SAC 2008 in the context of first-order side-channel attacks. The principle is to approximate the distribution of an attack's score vector by a multivariate Gaussian distribution, whose parameters are derived by profiling the leakage. One can then accurately compute the expected attack success rate with respect to the number of leakage measurements. We apply this methodology to higher-order side-channel attacks based on the widely used correlation and likelihood distinguishers. Moreover, we validate our approach with simulations and practical attack experiments against masked AES implementations running on two different microcontrollers.
Undermining User Privacy on Mobile Devices Using AI
Over the past years, literature has shown that attacks exploiting the
microarchitecture of modern processors pose a serious threat to the privacy of
mobile phone users. This is because applications leave distinct footprints in
the processor, which can be used by malware to infer user activities. In this
work, we show that these inference attacks are considerably more practical when
combined with advanced AI techniques. In particular, we focus on profiling the
activity in the last-level cache (LLC) of ARM processors. We employ a simple
Prime+Probe based monitoring technique to obtain cache traces, which we
classify with Deep Learning methods including Convolutional Neural Networks. We
demonstrate our approach on an off-the-shelf Android phone by launching a
successful attack from an unprivileged, zero-permission App in well under a
minute. The App thereby detects running applications with an accuracy of 98%
and reveals opened websites and streaming videos by monitoring the LLC for at
most 6 seconds. This is possible, since Deep Learning compensates measurement
disturbances stemming from the inherently noisy LLC monitoring and unfavorable
cache characteristics such as random line replacement policies. In summary, our
results show that thanks to advanced AI techniques, inference attacks are
becoming alarmingly easy to implement and execute in practice. This once more
calls for countermeasures that confine microarchitectural leakage and protect
mobile phone applications, especially those valuing the privacy of their users.
Proposal for Implementing Device-Independent Quantum Key Distribution based on a Heralded Qubit Amplification
In device-independent quantum key distribution (DIQKD), the violation of a
Bell inequality is exploited to establish a shared key that is secure
independently of the internal workings of the QKD devices. An experimental
implementation of DIQKD, however, is still awaited, since hitherto all optical
Bell tests are subject to the detection loophole, making the protocol
insecure. In particular, photon losses in the quantum channel represent a
fundamental limitation for DIQKD. Here, we introduce a heralded qubit amplifier
based on single-photon sources and linear optics that provides a realistic
solution to overcome the problem of channel losses in Bell tests.
Comment: 5 pages, 4 figures, 6 page appendix
Heisenberg-limited eavesdropping on the continuous-variable quantum cryptographic protocol with no basis switching is impossible
The Gaussian quantum key distribution protocol based on coherent states and
heterodyne detection [Phys. Rev. Lett. 93, 170504 (2004)] has the advantage
that no active random basis switching is needed on the receiver's side. Its
security is, however, not very satisfyingly understood today because the bounds
on the secret key rate that have been derived from Heisenberg relations are not
attained by any known scheme. Here, we address the problem of the optimal
Gaussian individual attack against this protocol, and derive tight upper bounds
on the information accessible to an eavesdropper. The optical scheme achieving
this bound is also exhibited, which concludes the security analysis of this
protocol.
Comment: 10 pages, 6 figures
Device independent quantum key distribution secure against coherent attacks with memoryless measurement devices
Device independent quantum key distribution aims to provide a higher degree
of security than traditional QKD schemes by reducing the number of assumptions
that need to be made about the physical devices used. The previous proof of
security by Pironio et al. applies only to collective attacks where the state
is identical and independent and the measurement devices operate identically
for each trial in the protocol. We extend this result to a more general class
of attacks where the state is arbitrary and the measurement devices have no
memory. We accomplish this by a reduction of arbitrary adversary strategies to
qubit strategies and a proof of security for qubit strategies based on the
previous proof by Pironio et al. and techniques adapted from Renner.
Comment: 13 pages. Expanded main proofs with more detail, miscellaneous edits
for clarity
Trojan-horse attacks threaten the security of practical quantum cryptography
A quantum key distribution system may be probed by an eavesdropper Eve by
sending in bright light from the quantum channel and analyzing the
back-reflections. We propose and experimentally demonstrate a setup for
mounting such a Trojan-horse attack. We show it in operation against the
quantum cryptosystem Clavis2 from ID Quantique, as a proof-of-principle. With
just a few back-reflected photons, Eve discerns Bob's secret basis choice, and
thus the raw key bit in the Scarani-Acín-Ribordy-Gisin 2004 protocol, with
higher than 90% probability. This would clearly breach the security of the
cryptosystem. Unfortunately, in Clavis2 Eve's bright pulses have the side effect
of causing a high level of afterpulsing in Bob's single-photon detectors,
resulting in a high quantum bit error rate that effectively protects this
system from our attack. However, in a Clavis2-like system equipped with
detectors with less-noisy but realistic characteristics, an attack strategy
with positive leakage of the key would exist. We confirm this by a numerical
simulation. Both the eavesdropping setup and strategy can be generalized to
attack most of the current QKD systems, especially if they lack proper
safeguards. We also propose countermeasures to prevent such attacks.
Comment: 22 pages including appendix and references, 6+2 figures